A typical wireless communications system may comprise a plurality of wireless devices transmitting and receiving messages with each other. These messages are typically arranged in formatted groups of data called packets. Each packet may comprise a header and a payload, the header including a preamble and a frame header. The preamble and frame header are used by each wireless device to decode, to filter, and to process the received information, and are associated with a physical layer of a communication protocol used by the wireless devices. The frame header information may also include information associated with a Media Access Control (MAC) layer. The frame header information may control traffic flow and coordinate modulation, timing, and transmitter/receiver synchronization. The frame header may be used by the wireless communications system for routing the packet to the desired recipient, whereas the payload represents the data generated by a user application to be transmitted. Typically, the size of the packet varies based upon the amount of data in the payload.
As wireless communications systems have become more prevalent, a robust security infrastructure has become desirable. Several approaches to developing such a security infrastructure have been disclosed. For example, the messages transmitted in the wireless communications system may be encrypted using an encryption algorithm, for example, Wired Equivalent Privacy (WEP), Advanced Encryption Standard (AES), and Data Encryption Standard (DES). When a packet is encrypted, typically the payload is encrypted and the preamble and frame header are left unencrypted so that the packet may be correctly identified, decoded, and routed through the wireless communications system. For example, in the IEEE 802.16 WiMAX standard, the payload may be encrypted but the preamble and frame header are left unencrypted. Indeed, in the WiMAX standard, MAC layer management messages may also be unencrypted.
Commercial communication standards may use clear access to preamble or frame header information to maintain interoperability. For example, a IEEE 802.11 or 802.16 system uses the preamble information to identify the presence of other systems in the same frequency range in order to avoid collisions or to determine the least congested wireless frequency range, and a IEEE 802.11a, 802.11g or 802.16e (WiFi) system may use the preamble information to coexist with other systems.
Although typical encryption of messages in the wireless communications system may provide for security of the payload data of a packet, there may be several security drawbacks to the typical encrypted wireless communications system. One such drawback may be the lack of security for the actual transmitted packets. In other words, a system infiltrator, for example, a rogue/infiltrator wireless communications device, may listen to the communications of the system and sniff transmitted packets. Since the typical packet has an unencrypted preamble and header, the rogue/infiltrator wireless communications device may derive sensitive information relating to the source and destination of the communication.
Multilayered communications protocols may be more susceptible to having recognizable traffic patterns. For example, the rogue/infiltrator wireless communications device may derive communication traffic density and flow patterns. The rogue/infiltrator wireless communications device may also deduce certain sensitive events based upon changes in traffic flow.
Moreover, the typical wireless communications system may be subject to denial-of-service (DoS) attacks. Although the rogue/infiltrator wireless communications device listening to transmitted encrypted traffic may not derive the encrypted payload data, during a DoS attack, the rogue/infiltrator wireless communications device may flood the system with rogue messages that mimic the authentic messages. For example, the rogue/infiltrator wireless communications device may broadcast a rogue polling message, which typically causes all wireless communications devices in range to broadcast polling reply messages. During such DoS attacks, the rogue/infiltrator wireless communications device attempts to slow, to reset, and to thereby interfere with legitimate connections. Other possible attacks may comprise, for example, a spoofing attack, traffic injection, eavesdropping, and cloning of wireless communications devices.
The wireless communications devices, assuming that the message is authentic, receive and routinely process the rogue messages, which may have encrypted data. This may cause the wireless communications devices to consume processing resources and battery power before determining they are unauthorized communications and discarding them. During a DoS attack, the infiltrator may flood the network with a large number of rogue messages and bog down the wireless communications devices with the cumbersome task of filtering out the rogue messages, thereby preventing timely processing and transmission of authorized messages.
One approach to the above drawbacks is implementing a challenge-response authentication protocol in the wireless communications system, such as disclosed in U.S. Patent Application Publication No. 2006/0129807 to Halasz et al. The challenge-response authentication protocol typically comprises a first wireless communications device presenting a question (“challenge”) and a second wireless communications device may provide a valid answer (“response”) to be authenticated. Thereafter, the first and second wireless communications devices may initiate a connection. Nonetheless, a drawback may comprise the infiltrator sniffing out proper responses and subsequently copying the information and using the response information to be played back in a DoS attack. This method may not provide for preamble security and frame header information security. Moreover, the typical wireless communications device using a challenge-response authentication protocol may still send out and reply to appropriate polling messages before transmitting a challenge message to authenticate the companion wireless communications device.